I found a vulnerability in flash player but it was simple enough to resolve myself. However this should be added to the next release. In the javascript file:
.jenkins/war/scripts/yui/connection/connection-min.js This line: <param name="allowScriptAccess" value="always"> Needs to be changed to: <param name="allowScriptAccess" value="sameDomain"> This vulnerability makes it possible to steal or manipulate session cookies which might be used to impersonate a legitimate user. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/aa1a78fe-edd5-43bc-b8e3-853a90ad4c92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
